The canary tokens are safe to use.
What you are seeing is known as a false positive. An incorrect assertion that something is a risk. This is not too uncommon in security which goes some way into explaining why anti-virus finds false positives.
Virustotal is another site where you can check URLs against a database of many anti-virus engines
Try the canary token servers URL at virustotal yourself. You will find this service suggests there are no risks identified.
You can also examine the canary tokens yourself to look for anything suspicious. You will find they function as described. They don't even contain code, they reach URLs and DNS servers using built in features of applications. They are also open source.
Also consider the userbase, 1/4 million students have used canary tokens. If there was an issue with them someone would have wrote about it. :)
If you are suspicious of anything then test it in a virtual machine as described in The Complete Cyber Security Course.