The problem is that namcap's implementation is not meant for untrusted PKGBUILDs. Sourcing those build files is a big security flaw, so we can't do that for the AUR.
We can create a minimal chroot with bash and namcap only. It would require changes to the infrastructure, but it could improve the PKGBUILDs in AUR a lot. Here's how it could work:

* The user uploads a tarball with a package to AUR, and the tarball is moved to the "staging area".
* The uploader can see his/her (I wonder how many girls are here :-)) package in the AUR interface immediately – this is mostly to prevent consecutive uploads of the same package. Other users can't see it until it's checked by namcap.
* Create the chroot and check the package using namcap, then of course clean the chroot.
* If there are errors in the package, send an email/other notification to the uploader. Otherwise the package is made available to the public.

-> It could be interesting to make namcap results available too. The package's "Package Details" could include the namcap log somewhere.
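Why the check belongs in a throwaway chroot, shown as an added example (not code from this thread or from namcap): sourcing a PKGBUILD runs every top-level statement in it, whereas reading it as text does not. The PKGBUILD below is constructed, its `touch` line stands in for any command an uploader could place there, and the function names are hypothetical.

```sh
#!/bin/sh
# Constructed sample: two metadata assignments plus one harmless top-level command.
make_sample() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/PKGBUILD" <<'EOF'
pkgname=demo
pkgver=1.0
touch "$PWD/ran-at-source-time"   # placeholder for arbitrary uploader-chosen code
EOF
    printf '%s\n' "$dir"
}

# What a checker that sources the build file does: the shell executes the
# whole file, so the touch above runs with the checker's privileges.
read_by_sourcing() {
    ( cd "$1" && . ./PKGBUILD && printf '%s\n' "$pkgname" )
}

# Text-only read of a simple literal assignment: nothing in the file is executed.
# This is only the contrast case; it cannot replace checks that need evaluated values.
read_as_text() {
    sed -n 's/^pkgname=\([A-Za-z0-9@._+-]*\)$/\1/p' "$1/PKGBUILD" | head -n 1
}

# True if the sample's top-level command has run in directory $1.
side_effect_present() {
    [ -e "$1/ran-at-source-time" ]
}

# Stand-alone demonstration on the constructed sample.
demo_dir=$(make_sample)
printf 'text read:  pkgname=%s, side effect: %s\n' \
    "$(read_as_text "$demo_dir")" \
    "$(side_effect_present "$demo_dir" && echo yes || echo no)"
printf 'sourced:    pkgname=%s, side effect: %s\n' \
    "$(read_by_sourcing "$demo_dir")" \
    "$(side_effect_present "$demo_dir" && echo yes || echo no)"
rm -rf "$demo_dir"
```

Both reads return the same package name; only the sourced one leaves the marker file behind, which is the effect the per-check chroot is meant to contain and discard.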