Yes, phishing is a concern, but is addressed by the same Yubikey. Most websites that matter support it.
There is a CLI, but like KeepassXC I’m not sure it’s per password. All passwords seem to be encrypted with the same master key. Note that since the encryption is symmetric, for encryption you still need to expose the master key.