
A cursory look at the code (10min on my phone) shows nothing obviously wrong. They use a secure source of entropy, and scrypt with decent parameters for generating the key from the passphrase. They use unique salts and nonces of decent lengths. That alone is better than 90% of the crypto code I review.

I would still prefer https://www.passwordstore.org/ though. I like the ability to insert a new passwd without having to type a passphrase. And it's more robust because updating 1 password only rewrites 1 file, whereas with passmgr the whole file is rewritten. This also means the passwordstore database is easier to revision-control and sync across multiple machines. Finally, with passwordstore I can update my passphrase by simply changing it on my PGP key ("gpg --edit-key $id" and use the "passwd" command). But with passmgr there is no mechanism to change it (every entry would have to be decrypted and re-encrypted).


