As a monitor, how do you differentiate between the operator removing a poisoned key versus them adding a malicious key and then trying to hide that fact?

You don’t, but remember you monitor your own keys: if you know you didn’t upload a poisoned key and the log refuses to serve a key preimage for your email, you’ve caught it misbehaving.
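The owner-side check described in this answer, as an added example that is not part of the original thread. It assumes a log whose leaves are SHA-256 hashes of key blobs and a hypothetical `fetch_preimage` lookup that returns `None` when the log refuses to serve; all names and sample keys are constructed.

```python
import hashlib
from enum import Enum

class Verdict(Enum):
    OK = "preimage served, matches leaf, key is mine"
    UNKNOWN_KEY = "valid preimage, but a key I never uploaded"
    BAD_PREIMAGE = "served bytes do not hash to the logged leaf"
    WITHHELD = "log refused to serve the preimage"

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def audit_own_entries(leaves, fetch_preimage, my_keys):
    """Classify every leaf the log lists under my email.

    leaves: leaf hashes listed for my email (assumed layout: leaf = SHA-256(key))
    fetch_preimage: hypothetical callable, returns key bytes or None if refused
    my_keys: the exact key blobs I uploaded myself
    """
    mine = {h(k) for k in my_keys}
    report = {}
    for leaf in leaves:
        blob = fetch_preimage(leaf)
        if blob is None:
            # I know I uploaded nothing poisoned, so a refusal is on the log.
            report[leaf] = Verdict.WITHHELD
        elif h(blob) != leaf:
            report[leaf] = Verdict.BAD_PREIMAGE
        elif leaf not in mine:
            report[leaf] = Verdict.UNKNOWN_KEY
        else:
            report[leaf] = Verdict.OK
    return report

def findings(report):
    """Leaves (hex) that need follow-up, with the reason."""
    return {leaf.hex(): v for leaf, v in report.items() if v is not Verdict.OK}

# Constructed sample data: one key I uploaded, one entry I did not.
MY_KEY = b"constructed-public-key-A"
FOREIGN_KEY = b"constructed-public-key-X"
SAMPLE_LEAVES = [h(MY_KEY), h(FOREIGN_KEY)]
SAMPLE_STORE = {h(MY_KEY): MY_KEY}  # the log withholds the second preimage

if __name__ == "__main__":
    result = audit_own_entries(SAMPLE_LEAVES, SAMPLE_STORE.get, [MY_KEY])
    for leaf_hex, verdict in findings(result).items():
        print(leaf_hex[:16], verdict.name)
```

An outside monitor sees the same withheld leaf but cannot classify it; only the owner's list of uploaded keys turns the refusal into evidence.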