diff --git a/scripts/install.sh b/scripts/install.sh
index 53830e7..484efd1 100755
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -61,9 +61,9 @@ if ! command -v firecracker &>/dev/null; then
 curl -fSL -o /tmp/firecracker.tgz \
 "https://github.com/firecracker-microvm/firecracker/releases/download/${FC_VERSION}/firecracker-${FC_VERSION}-${ARCH}.tgz"
 tar xzf /tmp/firecracker.tgz -C /tmp
- sudo cp /tmp/release-${FC_VERSION}-${ARCH}/firecracker-${FC_VERSION}-${ARCH} /usr/local/bin/firecracker
- sudo cp /tmp/release-${FC_VERSION}-${ARCH}/jailer-${FC_VERSION}-${ARCH} /usr/local/bin/jailer
- rm -rf /tmp/firecracker.tgz /tmp/release-${FC_VERSION}-${ARCH}
+ sudo cp "/tmp/release-${FC_VERSION}-${ARCH}/firecracker-${FC_VERSION}-${ARCH}" /usr/local/bin/firecracker
+ sudo cp "/tmp/release-${FC_VERSION}-${ARCH}/jailer-${FC_VERSION}-${ARCH}" /usr/local/bin/jailer
+ rm -rf /tmp/firecracker.tgz "/tmp/release-${FC_VERSION}-${ARCH}"
 log "Firecracker $(firecracker --version 2>&1 | head -1) installed"
 else
 log "Firecracker already installed: $(firecracker --version 2>&1 | head -1)"
diff --git a/scripts/setup-bridge.sh b/scripts/setup-bridge.sh
index d7d6034..f57236e 100755
--- a/scripts/setup-bridge.sh
+++ b/scripts/setup-bridge.sh
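Review bot: The archive is still fetched to the fixed path `/tmp/firecracker.tgz`, unpacked under `/tmp`, and the binaries are then copied into `/usr/local/bin` with sudo without any digest check; quoting the paths does not change that. On a multi-user host another local account can pre-create or alter `/tmp/release-${FC_VERSION}-${ARCH}` before the `sudo cp`, and a corrupted or substituted download would be installed as firecracker/jailer. I would use a private `mktemp -d` directory and verify a pinned SHA-256 before extraction, as sketched below; `FC_SHA256` is a placeholder for a digest the script would have to pin per version and architecture. The enclosing `if ! command -v firecracker` block starts above the hunk.

```shell
# … unchanged: FC_VERSION / ARCH detection and the enclosing `if` …
  fc_tmp=$(mktemp -d) || { log "mktemp failed"; exit 1; }
  curl -fSL -o "${fc_tmp}/firecracker.tgz" \
    "https://github.com/firecracker-microvm/firecracker/releases/download/${FC_VERSION}/firecracker-${FC_VERSION}-${ARCH}.tgz"
  # FC_SHA256: placeholder, expected digest of the release archive
  printf '%s  %s\n' "${FC_SHA256}" "${fc_tmp}/firecracker.tgz" | sha256sum -c - \
    || { log "Firecracker archive checksum mismatch"; rm -rf -- "${fc_tmp}"; exit 1; }
  tar xzf "${fc_tmp}/firecracker.tgz" -C "${fc_tmp}"
  sudo install -m 0755 "${fc_tmp}/release-${FC_VERSION}-${ARCH}/firecracker-${FC_VERSION}-${ARCH}" /usr/local/bin/firecracker
  sudo install -m 0755 "${fc_tmp}/release-${FC_VERSION}-${ARCH}/jailer-${FC_VERSION}-${ARCH}" /usr/local/bin/jailer
  rm -rf -- "${fc_tmp}"
# … unchanged: log lines and else branch …
```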
@@ -10,21 +10,21 @@ SUBNET="172.16.0.0/24"
 EXT_IFACE=$(ip route show default | awk '{print $5; exit}')
 echo "Creating bridge ${BRIDGE}..."
-ip link add ${BRIDGE} type bridge 2>/dev/null || echo "Bridge already exists"
-ip addr add ${BRIDGE_IP} dev ${BRIDGE} 2>/dev/null || echo "Address already set"
-ip link set ${BRIDGE} up
+ip link add "${BRIDGE}" type bridge 2>/dev/null || echo "Bridge already exists"
+ip addr add "${BRIDGE_IP}" dev "${BRIDGE}" 2>/dev/null || echo "Address already set"
+ip link set "${BRIDGE}" up
 echo "Enabling IP forwarding..."
 sysctl -w net.ipv4.ip_forward=1
 echo "Setting up NAT via ${EXT_IFACE}..."
-iptables -t nat -C POSTROUTING -s ${SUBNET} -o ${EXT_IFACE} -j MASQUERADE 2>/dev/null || \
- iptables -t nat -A POSTROUTING -s ${SUBNET} -o ${EXT_IFACE} -j MASQUERADE
+iptables -t nat -C POSTROUTING -s "${SUBNET}" -o "${EXT_IFACE}" -j MASQUERADE 2>/dev/null || \
+ iptables -t nat -A POSTROUTING -s "${SUBNET}" -o "${EXT_IFACE}" -j MASQUERADE
-iptables -C FORWARD -i ${BRIDGE} -o ${EXT_IFACE} -j ACCEPT 2>/dev/null || \
- iptables -A FORWARD -i ${BRIDGE} -o ${EXT_IFACE} -j ACCEPT
+iptables -C FORWARD -i "${BRIDGE}" -o "${EXT_IFACE}" -j ACCEPT 2>/dev/null || \
+ iptables -A FORWARD -i "${BRIDGE}" -o "${EXT_IFACE}" -j ACCEPT
-iptables -C FORWARD -i ${EXT_IFACE} -o ${BRIDGE} -m state --state RELATED,ESTABLISHED -j ACCEPT 2>/dev/null || \
- iptables -A FORWARD -i ${EXT_IFACE} -o ${BRIDGE} -m state --state RELATED,ESTABLISHED -j ACCEPT
+iptables -C FORWARD -i "${EXT_IFACE}" -o "${BRIDGE}" -m state --state RELATED,ESTABLISHED -j ACCEPT 2>/dev/null || \
+ iptables -A FORWARD -i "${EXT_IFACE}" -o "${BRIDGE}" -m state --state RELATED,ESTABLISHED -j ACCEPT
 echo "Done. Bridge ${BRIDGE} ready."
diff --git a/scripts/teardown-bridge.sh b/scripts/teardown-bridge.sh
index b39fb70..534d278 100755
--- a/scripts/teardown-bridge.sh
+++ b/scripts/teardown-bridge.sh
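Review bot: `EXT_IFACE` is empty when the host has no default route, and with the new quoting the rules then receive `-o ""` / `-i ""` instead of failing on a missing argument as the unquoted form did. As far as I know iptables treats an empty interface name as match-any, so the MASQUERADE and FORWARD ACCEPT rules would be appended for every interface; this is worth confirming on the target iptables build. A guard right after the assignment keeps the failure loud: `: "${EXT_IFACE:?no default route; cannot determine external interface}"`. The same empty-value case reaches the three `-D` lines in scripts/teardown-bridge.sh.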
@@ -9,12 +9,12 @@ SUBNET="172.16.0.0/24"
 EXT_IFACE=$(ip route show default | awk '{print $5; exit}')
 echo "Removing NAT rules..."
-iptables -t nat -D POSTROUTING -s ${SUBNET} -o ${EXT_IFACE} -j MASQUERADE 2>/dev/null || true
-iptables -D FORWARD -i ${BRIDGE} -o ${EXT_IFACE} -j ACCEPT 2>/dev/null || true
-iptables -D FORWARD -i ${EXT_IFACE} -o ${BRIDGE} -m state --state RELATED,ESTABLISHED -j ACCEPT 2>/dev/null || true
+iptables -t nat -D POSTROUTING -s "${SUBNET}" -o "${EXT_IFACE}" -j MASQUERADE 2>/dev/null || true
+iptables -D FORWARD -i "${BRIDGE}" -o "${EXT_IFACE}" -j ACCEPT 2>/dev/null || true
+iptables -D FORWARD -i "${EXT_IFACE}" -o "${BRIDGE}" -m state --state RELATED,ESTABLISHED -j ACCEPT 2>/dev/null || true
 echo "Removing bridge ${BRIDGE}..."
-ip link set ${BRIDGE} down 2>/dev/null || true
-ip link del ${BRIDGE} 2>/dev/null || true
+ip link set "${BRIDGE}" down 2>/dev/null || true
+ip link del "${BRIDGE}" 2>/dev/null || true
 echo "Done."
diff --git a/tests/test-suite.sh b/tests/test-suite.sh
index ebeca47..6900c78 100755
--- a/tests/test-suite.sh
+++ b/tests/test-suite.sh
@@ -258,7 +258,7 @@ if [ -n "$OVERSEER_PID" ] && [ "$OVERSEER_PID" != "0" ]; then
 } | nc -q 2 127.0.0.1 6667 2>&1)
 assert_contains "$OUT" "worker" "overseer adopted worker after crash"
 # Cleanup
- OUT2=$({
+ {
 echo -e "NICK fcrecov2\r\nUSER fcrecov2 0 * :t\r\n"
 sleep 2
 echo -e "JOIN #agents\r\n"
@@ -266,7 +266,7 @@ if [ -n "$OVERSEER_PID" ] && [ "$OVERSEER_PID" != "0" ]; then
 echo -e "PRIVMSG #agents :!destroy worker\r\n"
 sleep 5
 echo -e "QUIT\r\n"
- } | nc -q 2 127.0.0.1 6667 2>&1)
+ } | nc -q 2 127.0.0.1 6667 2>&1
 else
 echo " SKIP: overseer not running via systemd, skipping crash test" && ((SKIP++))
 ((SKIP++))
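Review bot: The `-D` deletions key on an `EXT_IFACE` that is re-derived at teardown time, and each one ends in `2>/dev/null || true`, so if the default route has moved since setup the MASQUERADE and FORWARD ACCEPT rules stay installed while the script still prints "Done.". Stale forwarding and NAT rules are the kind of leftover an operator wants to hear about. I would replace the `|| true` on the three iptables lines with a warning such as `|| echo "WARN: rule for ${EXT_IFACE} not found, check iptables -S" >&2`, or let teardown take the interface that setup used.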
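Review bot: The `else` branch at the end of the second tests/test-suite.sh hunk increments `SKIP` twice, once in `echo ... && ((SKIP++))` and again on the standalone `((SKIP++))` line that follows, so the summary overcounts unless this branch is meant to stand for two skipped tests. If a single skip is intended, drop the standalone line; if two are intended, a comment such as `# counts as two skipped tests` would make that explicit. The `if` this branch belongs to starts above the hunk.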
@@ -288,7 +288,7 @@ echo "--- Test 20: Graceful agent shutdown (IRC QUIT) ---"
 echo -e "PRIVMSG #agents :!destroy worker\r\n"
 sleep 5
 echo -e "QUIT\r\n"
-} | nc -q 2 127.0.0.1 6667 2>&1 > /tmp/fc-quit-test.txt
+} | nc -q 2 127.0.0.1 6667 > /tmp/fc-quit-test.txt 2>&1
 if grep -q "QUIT.*shutting down" /tmp/fc-quit-test.txt; then
 echo " PASS: agent sent IRC QUIT on destroy" && ((PASS++))
 else
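Review bot: The nc output is written to the fixed path `/tmp/fc-quit-test.txt`, and a shell redirect follows a symlink already present at that name, which matters if this suite runs with elevated privileges on a shared host. I would create the file with `quit_log=$(mktemp)`, redirect with `> "$quit_log" 2>&1`, and test with `grep -q "QUIT.*shutting down" "$quit_log"`, removing the file afterwards. The `{ ...; }` group feeding nc opens above the hunk and the `if` continues past its last line.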