iCloud Keychain has this option built in. It’s unclear if app-specific keychains are scanned.
I tested this by entering bad password in the default keychain, which prompted a security recommendation. Next, I deleted the password and stored it within Orion’s keychain, which did not trigger a recommendation. It appears they are excluded from the scan.
Orion would have to follow the same method Apple takes, which would require making network requests. Not only is the method proprietary, it goes against Orion’s zero-telemetry policy. In addition, there are restrictions around the use of the Keychain API, which could make implementation impossible.
This issue should be marked as nofix.