Bourne shell abstract interpreter

There is no shortage of articles and essays explaining why this anti-pattern is bad:

• "One way "curl pipe sh" install scripts can be dangerous [proof of concept]", Jordan Eldredge, 2012.
• "Don't Pipe to your Shell", Sean Cassidy, 2013.
• "Stop piping curl to /bin/sh", Chris Snell, 2013.
• "Piping into shell may be harmful", David Jones, 2014.
• "On the curl | sh pattern", Etienne Millon, 2014. This author also created the curl | sh wall of shame.

There are various attempts to address the first two problems:

• "Protect yourself from the hidden dangers of `curl <url> | sh`" (Darian Moody, 2013) and others advocate using a tool likevipe to inspect the script before executing.
• Juan Benet's hashpipe (2015) checks the script against an out-of-band hash
• Gemma Lynn's pipethis (2016) cryptographically verifies the authorship of the script using Keybase before executing it.

This still leaves the further problems unresolved, though.