Claspt — Password Auto-Fill

Tracking since Apr 1, 2026.

Changelog

• May 8, 2026
  description

  Claspt brings your encrypted vault to the browser. Auto-fill logins, generate strong passwords, and manage credentials — all connected to your Claspt desktop app.
  
    YOUR VAULT, YOUR BROWSER
  
    Claspt is a local-first password manager. Your passwords stay encrypted on your device — never uploaded to our servers. The browser extension connects to the Claspt desktop app running on your machine via a secure local API (localhost only).
  
    FEATURES
  
    🔑 Auto-Fill Credentials
    • Detects login forms automatically
    • Shows matching credentials for the current site
    • One-click fill for username and password
    • Smart domain matching — finds credentials for subdomains too
  
    🔍 Search Your Vault
    • Search across all your credentials from the popup
    • Search within the inline dropdown on any password field
    • Filter by: Matching, Same Domain, or All
  
    ⚡ Password Generator
    • Generate strong passwords directly in the browser
    • Preview, regenerate, copy, or fill — all without leaving the page
    • Adjustable length, presets (Strong 20 / Long 32 / PIN 6)
    • Strength meter with real-time feedback
  
    👤 Identity Auto-Fill
    • Store personal information (name, email, phone, address)
    • Fill forms with one click — registration, checkout, contact forms
    • Data stored encrypted in your Claspt vault
  
    📋 Save New Credentials
    • Captures logins when you sign up or change passwords
    • 7 templates: Password, API Key, SSH Key, Env Variable, License Key, Credit Card, Custom
    • Saved directly to your Claspt vault with encryption
  
    🔒 Security
    • Connects only to localhost (127.0.0.1) — no external network requests
    • API token authentication between extension and desktop app
    • Credentials never leave your machine
    • Domain validation prevents cross-site credential leakage
    • Open for security audit
  
    REQUIREMENTS
  
    • Claspt desktop app installed and running (macOS, Windows, or Linux)
    • Local API enabled in Claspt: Settings → Integrations → Local API
    • API token configured in the extension settings
  
    HOW TO SET UP
  
    1. Install Claspt desktop app from https://claspt.app/download
    2. Open Claspt → Settings → Integrations → Enable Local API
    3. Copy the API token
    4. Click the Claspt extension icon → Settings → paste the token
    5. Click Test Connection — you're ready to go
  
    KEYBOARD SHORTCUTS
  
    • Ctrl+Shift+L (Cmd+Shift+L on Mac) — Fill credentials for current page
    • Right-click any field → "Fill with Claspt" or "Generate password"
  
    PRIVACY
  
    Claspt never sends your passwords to any server. The extension communicates only with the Claspt desktop app on your local machine (127.0.0.1). No analytics, no tracking, no cloud storage. Your data belongs to you.
  
    Learn more: https://claspt.app
    Documentation: https://docs.claspt.app
    Support: [email protected]

  Claspt brings your encrypted vault to the browser. Auto-fill logins, generate strong passwords, recover passwords you forgot to save, and warn you about reused or weak passwords — all connected to your Claspt desktop app.
  
  YOUR VAULT, YOUR BROWSER
  
  Claspt is a local-first password manager. Your passwords stay encrypted on your device — never uploaded to any cloud. The browser extension connects to the Claspt desktop app running on your machine via a secure local API (loopback only — http://127.0.0.1).
  
  You will be asked once for permission to talk to your own computer. No browsing data is ever sent off your device.
  
  REQUIRES THE CLASPT DESKTOP APP
  
  The extension is a companion to the Claspt desktop app for macOS, Windows, and Linux. Download it from https://claspt.app — installation takes under 2 minutes.
  
  FEATURES
  
  ✏️ Manage credentials directly in the extension
  • Edit username, password, and any field inline in the popup — no dialog boxes
  • Add and remove custom fields — TOTP secret, URL, anything you want
  • Delete a credential with confirm. Empty pages are removed automatically
  • Rename label inline — focused input under the row, Save / Cancel
  • Move to folder with a dropdown of your existing vault folders, plus a
    "+ New" toggle to create a folder inline
  • Auto-detect password rotation: change your password on a site, and the
    save bar offers "Update password for {site}" — one click, non-destructive
  • Desktop wins on conflict: if the desktop has changed the credential
    since you opened it, the extension reverts and tells you. No silent overwrites.
  
  🔑 Auto-Fill Credentials
  • Inline icon inside username, email, and password fields with a count badge of matching credentials
  • Single-line credential rows with local letter-initials avatars (no external favicon fetch)
  • Match-tier section headers — "Best match", "Same site", "Other matches" so you can see why each credential is being suggested
  • Smart matching by exact URL, hostname, or registrable domain
  • Multi-step login support (Google, Microsoft) — remembers email from step 1
  
  ⚡ Smart Password Generator
  • Generate strong passwords directly in the browser, online or offline
  • Length slider from 8 to 64 characters
  • Configurable charset toggles plus exclude ambiguous (0O, 1lI) and exclude problematic (\\ ' " ` { } < >)
  • Max symbols cap (default 2) — no more "y0e{Cn!npeVtMV" symbol soup
  • Three modes (popup): Password, Passphrase (EFF wordlist), PIN
  • Right-click any field → Generate password into that field
  
  🕒 Password History (recover what you forgot to save)
  • Generated passwords are remembered when you Copy or Use them
  • Per-login view in each credential row's expanded panel: last 3 generated passwords used on that site
  • Global view under Generator → History
  • Masked by default with eye-toggle reveal
  • Configurable retention (1 / 3 / 7 / 14 / 30 days, or never) — default 7 days
  • Stored locally on the device only
  
  ⚠️ Reused-Password Warning
  • Per-row badge on credentials sharing a password with another login
  • Banner above the credential list showing the total count
  • Hashing is done locally with the Web Crypto API — passwords never leave the device
  
  ⭐ Multi-Credential Workflow
  • Mark as primary — designate "this is the credential that works"; auto-fill prefers it
  • Mark as deprecated — soft-retire legacy credentials; dimmed and dropped from default lists
  • Pin to top — per-device pin, syncs between popup and inline picker
  • Notes per credential — small free-text field for "needs MFA app", "support contact", etc.
  • Per-item URL match policy — Base domain / Exact hostname / Exact URL / Never auto-fill
  • Folder-grouped headers in the inline picker when matches span 2+ vault folders
  
  👤 Identity & Card Auto-Fill
  • Personal info, addresses, and credit cards stored in your vault under identities/
  • Brand-aware card visuals (Visa, Mastercard, Amex, Discover, JCB, Diners, UnionPay, RuPay)
  • Smart classifier: items show under Credit Cards when their fields look card-like
  
  🔐 TOTP / 2FA Support
  • Live 30-second TOTP code with circular timer in each credential's expanded view
  • One-click copy or auto-paste after password fill (toggleable)
  
  🛡️ Security Built In
  • Closed shadow DOM for the inline picker — page CSS and scripts cannot reach inside
  • Refuses to render inside cross-origin iframes (clickjacking protection)
  • Phishing warnings — banner when the page domain doesn't match the saved credential URL
  • Iframe protection — block auto-fill inside iframes (toggleable)
  • Auto-lock after configurable idle time
  • Clipboard auto-clear (default 30 seconds, configurable)
  
  📋 Right-Click Anywhere
  • Fill from Claspt — fills the current input with the best-matching credential
  • Generate password into this field — drops a strong password directly into the right-clicked field, using your saved generator preferences
  • Copy username / password for this site
  
  PRIVACY
  
  • Zero telemetry. The extension never reports usage, errors, or any data to any server.
  • Zero third-party calls. All requests go to http://127.0.0.1 (your own machine).
  • Zero analytics SDKs. None bundled.
  • Open and inspectable code.
  
  CROSS-PLATFORM
  
  Same JavaScript bundle on Windows, macOS, and Linux. Works in Chrome, Edge, Brave, and Firefox.
  
  LEARN MORE
  
  • Documentation: https://docs.claspt.app/guides/browser-extension
  • Connection troubleshooting: https://docs.claspt.app/reference/connection-troubleshooting
  • Desktop app: https://claspt.app

• May 8, 2026
  short_description

  Auto-fill passwords from your Claspt vault

  Companion extension for the Claspt desktop password manager — auto-fills credentials on web pages from your local vault.

• May 8, 2026
  host_permissions

  http://127.0.0.1/*

  (empty)

Permissions & access

Permissions

activeTabstorageclipboardWritealarmscontextMenus

Host access

None declared

Screenshots