Consider $H$ defined as: SHA-512, with it's output XORed with the first 512 bits of the input message (padded with zeroes for short message). With such $H$, the proposed MAC is insecure. Yet, as far as we know, this $H$ is no worse than SHA-512 from a standard standpoint.
Argument: observe that if $H(m_1\mathbin\|m_2)=\operatorname{SHA-512}(m_1\mathbin\|m_2)\oplus m_1$ and $\operatorname{MAC}_k(m)=H(k\mathbin\|m)\oplus k$, then for 512-bit key¹ $k$ it holds $\operatorname{MAC}_k(m)=\operatorname{SHA-512}(k\mathbin\|m)$. Therefore this $\operatorname{MAC}$ is susceptible to the length extension attack².
Therefore, it is impossible to prove that $H(k\mathbin\|m)\oplus k$ is a secure MAC without some insight into the internal structure of $H$.
I'm rather confident the proposed MAC construction is practically secure for hashes of the SHA-2 family, and even for SHA-1. We might want to prove security under the assumption the hash has Merkle-Damgård structure, a compression function built from a block cipher $E$ per the Davies-Meyer construction, with appropriate block and key size for $E$. I think this would be possible under the ideal cipher model, but not a standard model of security of $E$. The problem is that XORing the key with the output of a block cipher can weaken it. That's the case e.g. for AES-128 in decryption mode, where the XOR removes a round's worth of security.
¹ For key of arbitrary size, $\operatorname{MAC}_k(m)=\operatorname{SHA-512}(k\mathbin\|m)\oplus F_{|k|}(m)$ where $F_{|k|}(m)$ is $0^{\min(|k|,512)}$, followed by the first $\min(\max(512-|k|,0),|m|)$ bits of $m$, followed by $0^{\max(512-|k|-|m|,0)}$. This still allows attack.
² Contrary to what I wrote initialy, we can't recover $k$ from queries.