Well, antiviruses usually flag also pentesting tools like nmap (this is just an example, I didn't actually test it but I wouldn't be surprised if it is flagged) because those are "hacking tools" even if they don't do anything by themselves. So it would be more interesting to know why it gets flagged, just saying that it is flagged doesn't mean much as like in the previous example, they could decide to flag something just because it is unusual.