wpm an hour ago

The only thing signaling Gatekeeper to do the deep checks and also to block execution is the presence of that file attribute. When GK was first introduced in Tiger, that’s literally all it consisted of: a warning/reminder that “hey slack-jawed user, you downloaded this executable from the internet, be sure you trust it!” and once they said OK, the attribute was cleared and you’re not gonna get bothered again.

The AMFI checks happen on every execution of any executable. XProtect is also running execution-based checks on first run and randomly later on to check for signatures of known malware. Gatekeeper is the umbrella term for all of this on the Mac, but it’s still kicked off, to the user at least, as that prompt: “hey champ, you downloaded this from the internet and the developer didn’t want to upload this binary to Apple for scans, move it to your trash”.

Long story short, if you remove the quarantine bit, you can run whatever the fuck you want so long as XProtect doesn’t detect anything in its YARA rules files.
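The "file attribute" the comment keeps coming back to is the `com.apple.quarantine` extended attribute. As an added example, not part of the comment above, here is a small Python script that decodes the attribute's value (the same string `xattr -p com.apple.quarantine <file>` prints), reads it off a file, and strips it the way `xattr -d` does. The value layout (flags;timestamp;agent;uuid) is the well-known on-disk format; the sample value below is constructed for illustration and does not come from any real download. `read_quarantine` and `strip_quarantine` only do anything useful on macOS, since that is the only platform that interprets this attribute name.

```python
"""Decode, read and strip the com.apple.quarantine extended attribute.

Added example, not code from the comment above. The attribute value format
(flags;timestamp;agent;uuid) follows the well-known on-disk layout; the
sample value below is constructed for illustration.
"""
import os
import sys
from datetime import datetime, timezone

QUARANTINE_XATTR = "com.apple.quarantine"

# Constructed sample (not from a real system): the kind of value a browser
# writes when it saves a download. Fields are separated by ';'.
SAMPLE_VALUE = "0083;5f8c5a1e;Safari;ABCDEF01-2345-6789-ABCD-EF0123456789"


def parse_quarantine(value: str) -> dict:
    """Split a quarantine attribute value into its four fields.

    Field 1: flags, hex.  Field 2: download time, hex seconds since the Unix
    epoch.  Field 3: agent (the app that wrote the attribute).  Field 4: UUID
    keying the LaunchServices QuarantineEvents database (may be empty or absent).
    Flag bit meanings are not documented by Apple, so they are reported raw.
    """
    parts = value.strip().split(";")
    if len(parts) < 3:
        raise ValueError(f"unexpected quarantine value: {value!r}")
    parts += [""] * (4 - len(parts))  # tolerate a missing UUID field
    flags_hex, ts_hex, agent, event_uuid = parts[:4]
    flags = int(flags_hex, 16)
    ts = int(ts_hex, 16)
    return {
        "flags": flags,
        "flags_hex": f"0x{flags:04x}",
        "timestamp": ts,
        "downloaded_at": datetime.fromtimestamp(ts, tz=timezone.utc),
        "agent": agent,
        "event_uuid": event_uuid,
    }


def read_quarantine(path: str):
    """Return the parsed attribute for `path`, or None if the file carries none.

    os.getxattr exists on Linux and macOS, but only macOS gives this attribute
    name any meaning, so in practice this is macOS-only.
    """
    try:
        raw = os.getxattr(path, QUARANTINE_XATTR)
    except (OSError, AttributeError):
        return None
    return parse_quarantine(raw.decode("utf-8", errors="replace"))


def strip_quarantine(path: str) -> bool:
    """Remove the attribute (what `xattr -d com.apple.quarantine` does).

    Returns True if the attribute was present and removed, False otherwise.
    Without it, Gatekeeper never runs its first-launch checks on the file.
    """
    try:
        os.removexattr(path, QUARANTINE_XATTR)
        return True
    except (OSError, AttributeError):
        return False


if __name__ == "__main__":
    # Usage: python quarantine.py [path]   (no path: decode the sample value)
    if len(sys.argv) > 1:
        info = read_quarantine(sys.argv[1])
        if info is None:
            print(f"{sys.argv[1]}: no {QUARANTINE_XATTR} attribute")
            sys.exit(0)
    else:
        info = parse_quarantine(SAMPLE_VALUE)
    for key, val in info.items():
        print(f"{key:14} {val}")
```

Run it without arguments to see the constructed sample decoded; on a Mac, point it at a freshly downloaded file to see the real attribute, and compare the flags field before and after you click through the Gatekeeper prompt.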