
[SECURITY] Memory and skill content exported in plaintext without secret scrubbing #35

@FZ2000


Severity: P3

Summary

apc export correctly encrypts MCP server secrets and auth profile tokens, but exports memory.json and skill body content as unencrypted plaintext. If a user has stored sensitive information (API keys, passwords, tokens) inside memory entries or skill bodies, those are written to the export directory in cleartext.

Affected Code

src/export_import.py — export_cmd():

# Memory: always plaintext
(export_dir / "cache" / "memory.json").write_text(json.dumps(memory, indent=2, default=str))

# Skills cache: always plaintext (includes skill body content)
(export_dir / "cache" / "skills.json").write_text(json.dumps(skills, indent=2, default=str))

Realistic Scenarios

  1. User ran apc memory add "My OpenAI key is sk-proj-..." — this is exported plaintext
  2. A skill body contains hardcoded credentials (e.g. BEARER_TOKEN=xyz) — exported plaintext
  3. Memory files contain full project context including internal URLs, credentials, or PII

Impact

  • Export archives can be committed to repos thinking they're safe (only secrets were encrypted)
  • Exports sent via email or cloud storage expose memory content
  • The README/docs imply the export is safe to commit — this is only partially true

Recommended Mitigations

  1. Pattern-scan memory entries for obvious secrets before export (using the existing is_secret_field() / pattern detection in secrets_manager.py) and warn the user
  2. Option to encrypt all files (not just MCP/auth) — e.g. apc export --encrypt-all
  3. Documentation: Clearly state in the apc export help that memory and skill content are NOT encrypted
  4. User warning at export time:
     ⚠ memory.json and skills.json are exported unencrypted.
       Do not commit this export if memory entries contain sensitive information.
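The pre-export scan described in mitigation 1, combined with the warning from mitigation 4, as an added example that is not code from the apc project. It assumes memory entries are a list of dicts with a "content" field and uses its own small regex set rather than the project's is_secret_field() / secrets_manager.py detection; the token formats, the SAMPLE_ENTRIES and the run_demo() helper are constructed for illustration. Beyond the issue's scenarios it also offers an optional redaction mode, so the warning itself never echoes a full secret.

```python
"""Pre-export secret scan for memory entries (added example, not apc's code).

Assumptions (not from the issue): entries are dicts with a "content" string,
and detection is the constructed regex set below, standing in for the
project's own is_secret_field() / secrets_manager.py pattern detection.
"""
import json
import re
import sys
import tempfile
from dataclasses import dataclass
from pathlib import Path

# Constructed pattern set: prefix-style tokens plus generic NAME=value assignments.
# A pattern may name a "secret" group; otherwise the whole match is the secret.
SECRET_PATTERNS = {
    "openai_key": re.compile(r"\bsk-(?:proj-)?[A-Za-z0-9_-]{16,}"),
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{20,}\b"),
    "assigned_secret": re.compile(
        r"\b[A-Z0-9_]*(?:TOKEN|SECRET|PASSWORD|API_KEY)[A-Z0-9_]*\s*[=:]\s*"
        r"(?P<secret>\S{6,})"
    ),
}


@dataclass(frozen=True)
class Finding:
    index: int    # position of the memory entry in the list
    kind: str     # which pattern fired
    preview: str  # redacted form, safe to print in a warning


def _redacted(m: re.Match) -> str:
    """Keep the first 4 chars of the secret part of a match, mask the rest."""
    secret = m.groupdict().get("secret") or m.group(0)
    return m.group(0).replace(secret, secret[:4] + "****")


def scan_entries(entries):
    """Return a Finding for every secret-looking fragment in any entry."""
    findings = []
    for i, entry in enumerate(entries):
        text = entry.get("content", "") if isinstance(entry, dict) else str(entry)
        for kind, pat in SECRET_PATTERNS.items():
            for m in pat.finditer(text):
                findings.append(Finding(i, kind, _redacted(m)))
    return findings


def redact_entry(entry):
    """Copy of an entry with every matched secret masked."""
    if not isinstance(entry, dict):
        return entry
    text = entry.get("content", "")
    for pat in SECRET_PATTERNS.values():
        text = pat.sub(_redacted, text)
    return {**entry, "content": text}


def export_memory(entries, export_dir, redact=False):
    """Write memory.json like the export does today, but scan first.

    Returns the findings; with redact=True the written file has secrets masked,
    otherwise the user is warned on stderr before the plaintext write happens.
    """
    findings = scan_entries(entries)
    out = [redact_entry(e) for e in entries] if (redact and findings) else entries
    path = Path(export_dir) / "cache" / "memory.json"
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(json.dumps(out, indent=2, default=str))
    if findings and not redact:
        print("WARNING: memory.json is exported unencrypted and appears to contain "
              f"{len(findings)} secret(s). Do not commit this export.", file=sys.stderr)
        for f in findings:
            print(f"  entry {f.index}: {f.kind} -> {f.preview}", file=sys.stderr)
    return findings


# Constructed sample memory, mirroring the issue's scenarios (not real credentials).
SAMPLE_ENTRIES = [
    {"content": "My OpenAI key is sk-proj-abcdefghijklmnopqrstuvwxyz"},
    {"content": "BEARER_TOKEN=xyz123456"},
    {"content": "Project deadline is Friday"},
]


def run_demo():
    """Export SAMPLE_ENTRIES with redaction into a temp dir; return what was written."""
    with tempfile.TemporaryDirectory() as d:
        export_memory(SAMPLE_ENTRIES, d, redact=True)
        return json.loads((Path(d) / "cache" / "memory.json").read_text())


if __name__ == "__main__":
    export_memory(SAMPLE_ENTRIES, tempfile.mkdtemp())  # plaintext path: prints the warning
    print(run_demo())                                   # redacted path: masked content
```

Regex scanning is a heuristic: it catches the prefix-style keys and NAME=value assignments from the issue's scenarios but will miss free-form secrets, which is why the warning is worth emitting on every export rather than only when the scan fires.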

References

  • CWE-312: Cleartext Storage of Sensitive Information
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Labels: security (Security vulnerability)