Although, I would say that simply making sure you have the full URL of the site in question in the 'When URL Contains' field will prevent a SUCCESSFUL spoof attempt, as the generated password will be different from your true Account password.
So, in effect, PWM DOES provide some anti-spoof functionality, though indirectly...