Hello,
I downloaded the hub to review, but checking and scanning the file, Backdoor.MSIL.XWorm.gen.gxta was detected → see results
It was downloaded from https://downloads.certifytheweb.com/beta/latest/certify-mgmthub-windows-x64-latest.exe
This is a false positive. The AV engine doing the scan appears to have been released in 2014 so I doubt it’s still reliable.
We have tried some other scanners and they haven’t revealed any problems but the exe file sha256 hash matches the one from our build system, so the only way it would get infected is if Github Actions were compromised, and I think we’d hear about that.