Not directly but indirectly it works that way.

Important to understand: no system can check whether a site is a hack or not. Even google’s protection warning doesn’t catch first few hours because relies on reports.

A system can check the URL tho and if your password which you have used on PayPal.com is requested the password manager will show it only on paypal.com, not on paypaI.com (capital i rather than l).

Then it’s is still up to the user not to open the manager and retrieve the password manually to enter it.

It adds an extra layer. But the main mantra is still: PEBKAC (Problem exists between keyboard and chair). Tools can be helpful. The user can override them and invalidate their function.