Yes but it's clunky as hell. We need something like a curl x.sh | firejail --new, which prompts a) do you want overlayfs? b) do you want network isolation? c) do you want to allow home directory access?

And then, some equivalent for actually running whatever was installed. This would need to introspect what the installation script did and expose new binaries, which of course run inside the sandbox when invoked.

To move past the "| bash" lazy default, people need an easy to remember command. The complexity of the UI of these tools hinders adoption.