Here's another approach: Don't try to parse the .rc and .profile files of the users, just scan their process's environments!

#!/usr/bin/perl
use strict;

$/ = "\0";
opendir PROC,"/proc" or die "cannot open /proc for read: $!\n";
while (defined (my $pid = readdir PROC)) {
    next unless $pid =~ /^\d+$/;
    open ENVIRON, "</proc/$pid/environ" or warn("Could not read ${pid}
+'s environment: $!\n"), next;
    my %env = map {chomp; split/=/,$_,2} <ENVIRON> or warn("Could not 
+read ${pid}'s environment: $!\n"), next;
    close ENVIRON;
    print "UID ".((stat "/proc/$pid")[4])." is a violator! (pid $pid)\
+n" if grep /^\.$/, split /:/, $ENV{PATH};
}
closedir PROC;
[download]

Cron that and email yourself the output.