Hacker News

Or they just pipe the output of curl to bash running as root.



There’s an awful lot of companies that use this as their deployment method.

People of requisite cautiousness will vet the shell script – but I suspect most will not.


But malware makers of requisite cautiousness will serve a different script to those that look at the source with a browser.


Any user who intends to review a script they intend to run on the computer will do something like this:

    curl https://potentially-malicious.com/get-infected.sh > get-infected.sh
    $EDITOR get-infected.sh
    # -eq compares integers; "happy" is a string, so use == (or =) here
    [[ $POST_REVIEW_OPINION == happy ]] && bash ./get-infected.sh || rm ./get-infected.sh

The reasons for this are at least twofold:

   (1) $EDITOR probably has syntax highlighting, which will help you understand the text better. Always do your code reviews with the supportive assistance of tools. 

   (2) If you intend to review a script before you run it on your computer, it is intrinsic to the task that you review the script you are about to run on the computer. As you observe, a malicious user might detect the User-Agent and give a different script. But completely non-malicious changes could happen too: for instance, there could be an update or you could type in the command wrongly and accidentally review one script but run another.
In any case, it's worth noting that the user who wants to review the install script before they run a potentially malicious installer needs to consider whether they actually trust the software they're about to install. A malware author could easily install a binary of potentially-malicious in a perfectly benign way, and it happens that once it's been running for three hours it exfiltrates your AWS keys on apparently ordinary API requests it makes.

If you don't trust author/distributors (whether it is ad hoc distribution or appstore distribution), it is probably better to rely on third party distributors as found in traditional GNU/Linux distributions. They aren't flawless, but the delays are there partly to help make trusting a random group of independent developers more trustworthy.

If you don't trust first party author/distributors or third party distributors, I guess you have a sufficiently sandboxed setup that means `curl | sh` is actually safe, or else you download the source code, review the whole package, and build it or don't, so you don't want to `curl | sh` anyway.
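One way to make the "review the script you are about to run" step hold up in practice, as an added example that is not code from this thread: fetch the script to disk exactly once, record the SHA-256 of the file you reviewed, and refuse to execute it if the bytes have changed since. The function names and the local stand-in installer are assumptions; the script assumes bash, curl and coreutils `sha256sum`.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): download once, review that file,
# then execute only the bytes that were reviewed, checked by SHA-256.
set -euo pipefail

# Save the script to disk once. Review and execution both use this file,
# so a server that varies its response by User-Agent or by request cannot
# swap the script between the review and the run.
fetch_for_review() {           # fetch_for_review URL DEST -> prints digest
  curl -fsSL --proto '=https' --tlsv1.2 -o "$2" "$1"
  digest_of "$2"
}

# SHA-256 of a local file, recorded when the reviewer signs off.
digest_of() { sha256sum "$1" | cut -d' ' -f1; }

# Run FILE only if its digest still equals the one recorded at review time.
# Returns 2 if the file changed; otherwise the script's own exit status.
run_if_reviewed() {            # run_if_reviewed FILE REVIEWED_DIGEST
  local file=$1 expected=$2 actual
  actual=$(digest_of "$file")
  if [ "$actual" != "$expected" ]; then
    echo "refusing to run $file: digest $actual != reviewed $expected" >&2
    return 2
  fi
  bash "$file"
}

# Constructed local stand-in for a downloaded installer (no network needed).
demo() {
  local dir reviewed
  dir=$(mktemp -d)
  printf '#!/bin/sh\necho "installing into %s"\n' "$dir" > "$dir/install.sh"
  reviewed=$(digest_of "$dir/install.sh")        # recorded after $EDITOR review
  run_if_reviewed "$dir/install.sh" "$reviewed"   # digest matches: runs
  echo 'echo "line added after the review"' >> "$dir/install.sh"
  run_if_reviewed "$dir/install.sh" "$reviewed" || echo "blocked (status $?)"
  rm -rf "$dir"
}

demo
```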


I'm not sure "Any user who intends to review a script" would do this. I'd bet that most would at most open it, take a quick look and run it. But good advice!



