Our plugins do not contain malicious code. They contain however programming methods, that can be used in some circumstances, as malicious code. An real life example of this: a knife can be used to slice bread or in crimes. My plugins are using the knife to slice bread.

However, some antivirus companies create software that analyze code by pattern matching, and do not check exactly what the code is doing, before reporting it as malicious (they detect a knife on me, and they report me to the police for murder, without the murder even being there in the first place)…

Conclusion: My plugins are not malicious files, your antivirus software is detecting them as a false positives (files that are not malicious, but are detected as malicious by bad antivirus software).

The plugin uses crontab to schedule cron jobs outside of WordPress, it is not executing any malicious code using crontab – just to replace wp_cron, if the user selects to do so from plugin settings (otherwise this code is not executed).