diff --git a/modules/security/bot-analyzer.sh b/modules/security/bot-analyzer.sh
index 904a446..80330cd 100755
--- a/modules/security/bot-analyzer.sh
+++ b/modules/security/bot-analyzer.sh
@@ -1769,10 +1769,10 @@ calculate_threat_scores() {
         # Skip volume scoring for legitimate bots (Google, Bing, etc.)
         if [ -z "${legit_bot_ips[$ip]}" ]; then
             # Not a legitimate bot - apply volume scoring
-            if [ "$req_count" -gt 10000 ]; then score=$((score + 10))
-            elif [ "$req_count" -gt 5000 ]; then score=$((score + 8))
-            elif [ "$req_count" -gt 1000 ]; then score=$((score + 5))
-            elif [ "$req_count" -gt 500 ]; then score=$((score + 3))
+            if [ "${req_count:-0}" -gt 10000 ]; then score=$((score + 10))
+            elif [ "${req_count:-0}" -gt 5000 ]; then score=$((score + 8))
+            elif [ "${req_count:-0}" -gt 1000 ]; then score=$((score + 5))
+            elif [ "${req_count:-0}" -gt 500 ]; then score=$((score + 3))
             fi
         fi
 
@@ -1783,15 +1783,15 @@ calculate_threat_scores() {
             if [ -n "${scanner_ips[$ip]}" ]; then
                 fail_rate=${scanner_ips[$ip]}
             fi
-            if [ "$fail_rate" -ge 90 ]; then
+            if [ "${fail_rate:-0}" -ge 90 ]; then
                 score=$((score + 8))  # Very high failure rate
-            elif [ "$fail_rate" -ge 80 ]; then
+            elif [ "${fail_rate:-0}" -ge 80 ]; then
                 score=$((score + 5))  # High failure rate
             fi
         fi
 
         # High success rate (90%+ 200/301/302) + high volume = potential scraping
-        if [ -n "${scraper_ips[$ip]}" ] && [ "$req_count" -gt 500 ]; then
+        if [ -n "${scraper_ips[$ip]}" ] && [ "${req_count:-0}" -gt 500 ]; then
             score=$((score + 7))  # Scraping behavior
         fi