If your binary output a text file or whatever with commands for GPG, which I could then execute and put back into keybase, that would solve the problem.
I agree, usability nightmare, but it would be a nice paranoid option.
Hmm, interesting idea. In general, there is only one sensitive operation per keybase invocation (though many signature verifications that use only public keys), so this is doable but cumbersome.