diff --git a/modules/security/bot-analyzer.sh b/modules/security/bot-analyzer.sh
index 6bf694d..33a7958 100755
--- a/modules/security/bot-analyzer.sh
+++ b/modules/security/bot-analyzer.sh
@@ -1412,7 +1412,7 @@ analyze_success_rates() {
 print_info "Analyzing request success rates and behavior patterns..."
 # Calculate success rate (200/301/302 vs 404/403) for each IP
- awk -F'|' '
+ awk -F'|' -v tmpdir="$TEMP_DIR" '
 {
 ip = $1
 status = $4
@@ -1438,19 +1438,19 @@ analyze_success_rates() {
 # High failure rate indicates scanning/probing
 if (fail_rate >= 80 && total[ip] >= 20) {
- print ip "|" total[ip] "|" fail_rate "|scanner" >> "'"$TEMP_DIR"'/high_failure_ips.txt"
+ print ip "|" total[ip] "|" fail_rate "|scanner" >> tmpdir "/high_failure_ips.txt"
 }
 # Very high success rate + high volume could be scraping
 else if (success_rate >= 90 && total[ip] >= 100) {
- print ip "|" total[ip] "|" success_rate "|scraper" >> "'"$TEMP_DIR"'/high_success_ips.txt"
+ print ip "|" total[ip] "|" success_rate "|scraper" >> tmpdir "/high_success_ips.txt"
 }
 # Output all rates for later analysis
- print ip "|" total[ip] "|" success_rate "|" fail_rate >> "'"$TEMP_DIR"'/ip_success_rates.txt"
+ print ip "|" total[ip] "|" success_rate "|" fail_rate >> tmpdir "/ip_success_rates.txt"
 }
- close("'"$TEMP_DIR"'/high_failure_ips.txt")
- close("'"$TEMP_DIR"'/high_success_ips.txt")
- close("'"$TEMP_DIR"'/ip_success_rates.txt")
+ close(tmpdir "/high_failure_ips.txt")
+ close(tmpdir "/high_success_ips.txt")
+ close(tmpdir "/ip_success_rates.txt")
 }' < "$TEMP_DIR/parsed_logs.txt"
 # Touch files if they don't exist
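Review bot: `-v tmpdir="$TEMP_DIR"` in the first hunk (`@@ -1412`) makes awk apply backslash-escape processing to the assigned value, so a TEMP_DIR containing a backslash would reach the `>>` and `close()` targets altered. Passing the path through the environment avoids that: `TEMP_DIR="$TEMP_DIR" awk -F'|' '` with `tmpdir = ENVIRON["TEMP_DIR"]` set once before the first use. Where TEMP_DIR comes from is not visible in the hunk, so this may never trigger in practice; a one-line comment such as `# TEMP_DIR is passed to awk as data, never spliced into the program text` would still record why the quoting changed. The awk program and analyze_success_rates continue outside the hunk.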
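Review bot: The three redirections in the second hunk (`@@ -1438`) now append to an unparenthesized concatenation, `>> tmpdir "/high_failure_ips.txt"`, which is ambiguous in the awk grammar; the gawk manual warns that some awk implementations do not treat the whole concatenation as the file name. Parenthesize each target, e.g. `print ip "|" total[ip] "|" fail_rate "|scanner" >> (tmpdir "/high_failure_ips.txt")`, and do the same for `high_success_ips.txt` and `ip_success_rates.txt`. The `close()` calls need no change because their concatenation already sits inside the call's parentheses. The enclosing awk block starts above the hunk, and which awk binary runs it is not visible here.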