The old method of exporting appended binary data to the end of EXE files, which was suspicious to some AV software. Now it always exports the same single EXE file (the plain, unmodified version of node-webkit) and uses a separate data file. That has resolved some false positives, but if some AV software thinks the plain old EXE file with nothing extra added is suspicious, there's really not much we can do about it. We can't digitally sign the file, because we don't want our digital signature to be used for other people's games. You could try signing it yourself, or disable AV, or find a way to whitelist the file, and I'd also report the problem to your AV vendor since node-webkit is not malicious software.
It's possible future node-webkit updates will resolve the issue, basically by chance (the binary data in the EXE is more or less random, and must be by chance matching the signature of a virus). However it doesn't mean it won't come back in future updates.