diff --git a/modules/security/bot-analyzer.sh b/modules/security/bot-analyzer.sh
index c20a05f..75ce99e 100755
--- a/modules/security/bot-analyzer.sh
+++ b/modules/security/bot-analyzer.sh
@@ -1219,6 +1219,7 @@ calculate_bot_fingerprint() {
 awk -F'|' -v tmpdir="$TEMP_DIR" '
 BEGIN {
 # Initialize tracking arrays
+ fingerprint_file = tmpdir "/bot_fingerprints.txt"
 }
 {
 ip = $1
@@ -1306,10 +1307,10 @@ calculate_bot_fingerprint() {
 # Output fingerprint for high-confidence bots (score >= 60)
 if (score >= 60) {
- printf "%s|%d|%d\n", ip, score, signal_count > tmpdir "/bot_fingerprints.txt"
+ printf "%s|%d|%d\n", ip, score, signal_count > fingerprint_file
 }
 }
- close(tmpdir "/bot_fingerprints.txt")
+ close(fingerprint_file)
 }
 ' < "$TEMP_DIR/parsed_logs.txt" 2>/dev/null || true
@@ -1356,7 +1357,7 @@ analyze_domain_targeting_percentage() {
 # Also create per-domain attack type breakdown
 # Format: domain|attack_type|ip|count
 if [ -f "$TEMP_DIR/attack_vectors_raw.txt" ]; then
- awk -F'|' '
+ awk -F'|' -v tmpdir="$TEMP_DIR" '
 {
 ip = $1
 domain = $2
@@ -1368,7 +1369,6 @@ analyze_domain_targeting_percentage() {
 }
 END {
 for (domain in attack_data) {
- domain_file = tmpdir "/domain_attacks_" domain ".txt"
 for (attack_type in attack_data[domain]) {
 total = attack_totals[domain][attack_type]
 for (ip in attack_data[domain][attack_type]) {
@@ -1378,7 +1378,7 @@ analyze_domain_targeting_percentage() {
 }
 }
 }
- ' -v tmpdir="$TEMP_DIR" < "$TEMP_DIR/attack_vectors_raw.txt"
+ ' < "$TEMP_DIR/attack_vectors_raw.txt"
 fi
 print_success "Domain attack pattern analysis complete"
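Review bot: `fingerprint_file` is only created by the first `printf ... > fingerprint_file` in the `@@ -1306` hunk, so a run in which no IP reaches score 60 leaves no file at all, or leaves one from an earlier pass if `TEMP_DIR` is reused (not visible here). Together with the `2>/dev/null || true` on the closing line, a consumer of `bot_fingerprints.txt` cannot tell "no high-confidence bots" from "awk failed". Creating the file empty in the BEGIN block, `printf "" > fingerprint_file`, right after the new assignment would make the empty result explicit. The `# Initialize tracking arrays` comment above the new line also no longer describes what BEGIN does; the function body continues outside both hunks.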
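Review bot: The reason `-v tmpdir="$TEMP_DIR"` must sit before the program text in the `@@ -1356` hunk is not recorded next to the awk call, and the old placement (removed in the `@@ -1378` hunk) is an easy mistake to reintroduce. Once awk has taken its program argument, later arguments are operands, so a trailing `-v` is treated as an input file name and stdin is not read. A one-line comment above the call would do: `# -v must precede the program text; after it awk treats "-v" as an input file`. With `domain_file` removed, no visible line of this program reads `tmpdir`; the innermost loop body is outside the hunks, so it is worth confirming the variable is still needed.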
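Review bot: `print_success "Domain attack pattern analysis complete"` at the end of the `@@ -1378` hunk runs whether or not the awk program above it did anything: it sits after `fi`, so it is printed when `attack_vectors_raw.txt` is missing, and the awk exit status is never checked. The program uses `attack_data[domain][attack_type]` (visible in the `@@ -1368` hunk), which is gawk's arrays-of-arrays extension and a syntax error under mawk or BusyBox awk, so on such a host the breakdown would be absent while the success message is still shown. Checking the status on the closing line, for example `' < "$TEMP_DIR/attack_vectors_raw.txt" || return 1`, or invoking `gawk` explicitly, would surface that. Whether `return 1` suits this function's callers is not visible from the hunk.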