Okay so I’m curious, have you considered that if the standalone app was open on your desktop (unlocked), the intruder can steal any password anyway, not just your master password/security key. I consider that a full compromise, far past the point of considering defense strategies. Might as well stop worrying now that you know this isn’t something that will make a difference.