Use the “passwords” feature to check if one of yours is compromised. If it shows up, never ever reuse those credentials. They’ll be baked into thousands of botnets etc. and be forevermore part of automated break-in attempts until one randomly succeeds.
A password manager is still a good idea, but you have to not use a hacked one. So only download from official sites and repositories. Run everything you download through VirusTotal and your machine’s antivirus if you have one. If it’s a Windows installer check it is properly signed (Windows should warn you if not). Otherwise (or in addition) check installer signatures with GPG. If there’s no signature, check the SHA256 OR SHA512 hash against the one published on the official site. Never follow a link in an email, but always go directly to the official website instead. Be especially careful with these precautions when downloading something critical like a password manager.
Doing these things will at least reduce your risk of installing compromised software.