I wouldn't wanna let it probe 'rm' :D

Perhaps the probing could happen in a VM / container image which would reset after each invocation.

You'd of course do it inside a controlled environment, via virtualization or similar technologies which let you monitor, veto, or roll-back anything the analyzed program does. (And if it's malicious/sneaky enough to escape that, then it wasn't safe to use in a manual fashion, either.)