Dboy Auditor detects tampering with core system components and all pre-installed apps. Android has very strong sandboxing and it's hard for an app to get past that. GrapheneOS makes it even stronger. Most malware can be cleared by a reboot anyway, so daily reboots are a good (although in most cases unnecessary) security practice if you want to have peace of mind.
"Malware detectors" aren't a very clever idea. Malware developers will test their malware and optimize it to evade detection by these tools so little can be achieved. Additionally, a proper malware detector would need system-level access (like on PCs) and that's not possible to get on Android unless built into the system. Google Play already scans apps with Play Protect which should be more advanced than other tools out there and you get the benefit that once an app is reported as malicious you immediately get notified.
In the end it usually comes down to you picking apps you trust and have a high reputation. I'd obviously trust the Amazon app, while I'd approach some random game in the Play Store with more caution. Bonus points for using popular, well-audited open source software. If you feel something's off with a particular app, just uninstall it and find an alternative.