Type secrets only, when pink.
PinkThumb will display a pink thumb next to the address bar, when you browse to a website that is on your trusted websites list. You have to configure this trusted websites in a json file within the directory of the extension. See blogpost for more information:
With that you will be able to distinguish between for example:
If you click on the first link in a phishing Email, you might not recognize that this is not a Google or Microsoft or whatever login page, but a phishing site.
Configure the JSON with all the important website (Banking, Facebook, etc.) that you are providing secrets to.
Then provide your secrets only to sites when the pink thumb is displayed.