Looks clean to me. Check out for yourself of course. Does bring up an interesting dilemma. We all download code, libraries etc. all the time without going through it with a fine comb...
Most code executed on my box comes from package managers, which often use code signing to make sure you're getting the right code. Other than that, we often have to depend on the reputation of the project, otherwise we would be stuck reading code all day, instead of getting work done.
The difference here is that this is not some long standing and reputable project, but instead just something that was randomly thrown up github.
tl;dr - I trust the Mozilla Foundation more than I trust jtwaleson
Note that the URL in the one-liner references the master branch, which can be updated at will by jtwaleson. A much better idea would be to use a link to a specific version if you are going to make claims towards its cleanliness:
curl -O https://raw.github.com/jtwaleson/decrypt/f004b7eab7b949a55ea3c784fb9bac244aa0296e/decrypt.py; chmod +x decrypt.py; ls -la | ./decrypt.py
Even that might not work if he has two versions with the same hash and sends github a forced update with push -f. though that's still a much more difficult proposition than just updating the master branch.
If he can generate two files with the same hash he can do much more interesting things than write a sketchy python script that a few people might run without reading.
curl -O https://raw.github.com/jtwaleson/decrypt/master/decrypt.py; chmod +x decrypt.py; ls -la | ./decrypt.py
It's useless, but pretty nifty at 80x24.