Extension
A password manager that fills the right field. Every time.
Passwords, passkeys, cards, and one-time codes go into the field that actually wants them — never pasted into a search box. Your vault stays remote: nothing cached, nothing decrypted on your laptop.
Available now for Chrome. Firefox and Safari coming soon.
01 — Field
Fills by intent, not by guesswork
Each field is matched by what it's for — its label, type, and surrounding context — so values land where they belong, not by brittle CSS selectors.
Coming summer 2026: when a form stumps it, only the form's structure (never your data) is analyzed anonymously, so the next release fills it too.
02 — Isolated
No content scripts on your pages
UI rendered inside a closed shadow DOM iframe. Nothing injected into the page's DOM. No CSS interference. No interception of keystrokes. The extension stays invisible until you ask.
03 — Remote
Vault stays remote
Your vault is not on your laptop. The extension fetches credentials over a scoped API per request — no local cache, no decrypted file on disk. WASM crypto runs in the service worker, never in page context.
What it does.
Inline autofill, the way it should work
A small Clavitor icon appears in detected fields. Click it (or focus the field) and a shadow-DOM dropdown shows matching entries for the current URL.
Choose one, the form fills. If the entry has TOTP, the code goes to your clipboard. If the entry uses device-based authentication, it shows above passwords with its own flow.
URL match levels: domain · host · starts-with · exact · regex · never
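The match levels listed above, as an added example that is not Clavitor's code: one way to evaluate them so that lookalike hosts and substring tricks fail closed. The level names come from the page; the rule behind each level, the https-only check, the `{ level, value }` entry shape, and the `urlMatches` and `sameOrSubdomain` names are assumptions.

```javascript
// Added example, not Clavitor's code. Level names are from the page;
// the rule behind each level and the entry shape are assumptions.

// True when host equals base or is a subdomain of it. The check is made at a
// dot boundary, so "evil-example.com" does not pass for "example.com".
function sameOrSubdomain(host, base) {
  return host === base || host.endsWith("." + base);
}

// entry: { level, value }; value is a saved URL, or a regex source for "regex".
function urlMatches(entry, pageUrl) {
  let page, saved;
  try { page = new URL(pageUrl); } catch { return false; }
  // Assumption: credentials are only offered to https pages.
  if (page.protocol !== "https:" || entry.level === "never") return false;
  if (entry.level === "regex") {
    // Anchor the pattern so it must cover the whole URL, not a substring.
    try { return new RegExp("^(?:" + entry.value + ")$").test(page.href); }
    catch { return false; } // invalid pattern: fail closed
  }
  try { saved = new URL(entry.value); } catch { return false; }
  switch (entry.level) {
    case "domain": // assumed: the saved host and its subdomains
      return sameOrSubdomain(page.hostname, saved.hostname);
    case "host": // hostname plus port must be identical
      return page.host === saved.host;
    case "starts-with":
      // Compare the origin exactly, then the path prefix. A raw string prefix
      // test would accept https://example.com.evil.test for https://example.com.
      return page.origin === saved.origin &&
             page.pathname.startsWith(saved.pathname);
    case "exact": // fragment is ignored, query string is not
      return page.origin === saved.origin &&
             page.pathname === saved.pathname && page.search === saved.search;
    default:
      return false; // unknown level: fail closed
  }
}
```

The "domain" rule here is a plain suffix comparison; matching on the registrable domain instead would need a public-suffix list.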
Unlock with your device
No master password. Tap your security key or use your fingerprint or face; the extension asks the vault to issue a fresh credential token. The token is scoped, time-limited, and stored encrypted in extension local storage.
Identity fields (cards, SSN, recovery codes) need a fresh challenge each reveal. The PRF-derived key is computed in the browser, used once, discarded.
CLV1 token format · Key derived from your device · HKDF-SHA256
Save & update prompts that don't lie
Submit a login with credentials we don't recognize? You get a save prompt with the URL, username, and a masked password. Use a different password on a known site? An update prompt that distinguishes "update existing" from "save as new account."
Saves go to the vault you pick, with the scope you set. The extension never silently saves anything.
Auto-dismiss after 15s · "Never for this site" excluded list · Per-vault default
Your browser saves passwords too. You can read them in a minute.
Encryption is table stakes — everyone has it. Your browser barely clears the bar: Chrome unlocks its password key with your computer login, so any program running as you reads every saved password in milliseconds — exactly how info-stealer malware works. Firefox, by default, stores the decryption key right beside the passwords. Don't take our word for it: the browsers are open source, and the read path is a documented handful of lines.
Clavitor never puts the vault on your machine. Decryption takes your hardware key — Touch ID, Face, or a YubiKey — computed in the browser, used once, then discarded. Nothing is cached, so there's nothing to scrape. That's table stakes done properly — see the proof your browser isn't a vault.
Everything else.
Device-based login
Create, store, and use device-based credentials. Shown above passwords with a distinct flow.
Password generator
Random or passphrase. HIBP k-anonymity check before saving.
Health dashboard
Weak, reused, breached, and 2FA-eligible findings — with one-click fixes.
Share links
Per-field share with expiry and optional PIN. L3 fields cannot be shared.
Multi-account
Multiple vaults selectable from the popup. Each unlocks independently.
Keyboard-first
Every action has a shortcut. Open, search, fill, generate, lock — without the mouse.
Light + dark
Both modes shipped. Toggle in the popup. CSS-variable swap, not a separate stylesheet.
Context menu
Right-click on a field for quick fill, generator, or TOTP copy with live countdown.
Onboarding in 30s
Paste your credential token. Pin the toolbar icon. Visit a site. Done.
Get the extension.
Available for Chrome, Brave, Edge, Vivaldi, and all Chromium browsers.