With Electrum, you can have two wallets, one with the private keys on an airgapped machine, and one with watch-only addresses on a connected one that does not contain any private key.
You can create a raw transaction which you can transfer to your secure machine, sign it there, copy the signed transaction back and broadcast it. That way, the private key was never exposed to the potentially insecure machine.
You can do the same with the CLAM client. Create the raw transaction on an online machine and sign it on an airgapped offline machine:
$ clamd help createrawtransaction | head -1
createrawtransaction [{"txid":txid,"vout":n},...] {address:amount,...} [tx-comment]
$ clamd help signrawtransaction | head -1
signrawtransaction [{"txid":txid,"vout":n,"scriptPubKey":hex,"redeemScript":hex},...] [,...] [sighashtype="ALL"]
I suggested that to him, but he said that he doesn't want "clamd" to access his private keys:
Thanks for the thought you put into it, but it would still mean that I give e.g. clamd access to my keys (in a truly paranoid way I could argue that they might be added into the transaction as e.g. comments). Ideally, Clam would allow me to export an unsigned transaction which I can sign for example with Electrum or signrawtransaction, save and re-import in Clam to broadcast. I'm looking for a method where I don't need to give Clam any access to any private key.
At least the way that I see it, he wants to sign the Clam transaction that will allow him to dig his Clams, but he doesn't want to do it with Clamclient because he is worried about the possibility that the software will add to the signature some "theoretical" trace of his private key, encoded by way of comments or a 'hidden message', so he said that even an airgapped offline Clamclient is not trusted by him.
As far as I can see, he trusts Electrum to sign unsigned or raw transactions in an offline airgapped environment, but even if he creates a raw transaction with a Clamclient, he won't be able to sign that transaction with the Bitcoin client that he uses to sign Bitcoin transactions and that he feels will not add anything "extra" to the transaction, because, as was pointed out before, many altcoins including Clam use a different 'version byte' than Bitcoin. Some type of modification to the source code would be needed to allow, for example, his Electrum wallet to sign the Clam raw transaction, and that opens the question 'would you trust your Bitcoin client after it has been modified?', because if you don't make the changes to the code yourself, knowing what the newly added feature does, you end up in the same situation as trusting the Clamclient, only even worse, because if the new feature is not publicly available as open source, other peers won't be able to review it and warn you about something suspicious in the code.
I think the best way to solve a case like this would be (if it's possible) to explain in an easy way the differences between how the Bitcoin client and the Clam client create the signature for a transaction; that way, maybe someone could see that the process is almost identical to how Bitcoin does it, and that the parts where it is not identical are because of, for example, the 'version byte', and how that doesn't compromise or add anything extra. Of course that will require the ability to read the code and understand how it works, because it probably won't be something too easy to explain.
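To make the 'version byte' point from the thread concrete, here is an added example (not code from any poster, Electrum or the CLAM client) that decodes a Base58Check address, verifies its checksum, and re-encodes the same 20-byte key hash under another version byte. `ALT_VERSION` is an assumed value used only for illustration; the real one must be read from the coin's own chain parameters.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
BTC_VERSION = 0x00  # Bitcoin mainnet pay-to-pubkey-hash version byte
ALT_VERSION = 0x89  # ASSUMED altcoin version byte, for illustration only


def _checksum(data: bytes) -> bytes:
    """First four bytes of double SHA-256, as used by Base58Check."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]


def b58check_encode(version: int, payload: bytes) -> str:
    """Encode version byte + payload (e.g. a 20-byte key hash) as an address."""
    raw = bytes([version]) + payload
    raw += _checksum(raw)
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    pad = len(raw) - len(raw.lstrip(b"\x00"))  # leading zero bytes become '1'
    return "1" * pad + out


def b58check_decode(addr: str):
    """Return (version, payload); raise ValueError on a bad character,
    a wrong length or a checksum mismatch."""
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)  # str.index raises ValueError
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    body, check = raw[:-4], raw[-4:]
    if len(body) != 21 or _checksum(body) != check:
        raise ValueError("bad length or checksum")
    return body[0], body[1:]


def reencode(addr: str, new_version: int) -> str:
    """Same key hash, different network prefix: only the version changes."""
    _, key_hash = b58check_decode(addr)
    return b58check_encode(new_version, key_hash)


if __name__ == "__main__":
    btc = b58check_encode(BTC_VERSION, bytes(20))  # constructed all-zero hash
    alt = reencode(btc, ALT_VERSION)
    print(btc, "->", alt, b58check_decode(alt)[1].hex())
```

The key hash that comes back out of both addresses is identical, which is why the difference in address prefix by itself says nothing about extra data being added to a transaction.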