Pass Monitor currently identifies weak, reused, and compromised passwords — which is excellent. I'd like to suggest an additional detection category: stale and obsolete entries.

For users with large vaults (e.g. 1,000+ entries), many logins accumulate over years for services that no longer exist, domains that have expired, or accounts that have never been accessed. These entries add noise and make vault hygiene harder.

Requested behaviour

Dead domain detection — flag entries where the stored URL no longer resolves (DNS check, client-side or server-side)
Inactivity flag — surface entries that have not been autofilled or edited in over N years (user-configurable threshold, e.g. 2 or 3 years)
No URL entries — optionally flag logins that have no associated URI at all, as these can never trigger autofill
This would be surfaced as a new section in Pass Monitor, similar to the existing "Inactive 2FA" section — with the option to dismiss or delete entries directly from the list.

Privacy note: domain resolution checks should either be performed locally (using the device's DNS resolver) or be opt-in, to avoid leaking vault URLs to Proton's servers.