by p0llard 2279 days ago
Why might I want to use this over something like pass (https://www.passwordstore.org/)?
2 comments

My motivation for writing spicypass was actually a frustrating struggle I once had trying to get pass to play nicely with my GPG installation. I decided it would be easier (and more fun) to write my own.

So one of the main differences is that spicypass is setup-free. You just pick a master password and go. It achieves this by using symmetric encryption via the libsodium library. A nice side-effect of this is that backups are as simple as copying the .spicypass file to your backup device/server. With asymmetric encryption you have to worry about backing up your private keys in addition to the store file(s).

Another major difference is that it has an idle lock. Even if someone has root access to your machine and you leave it unattended while spicypass is running, they won't be able to see your passwords (assuming there's no keylogger involved).

There's also the minimalist aspect. pass has a lot of features that I personally don't need and consider to be bloat. I designed spicypass to my own personal specs: A very simple notepad-like interface, but secure. I figure I can't be the only one who thinks all the bells and whistles that most password managers have just get in the way.

I've also experienced some difficulties with getting pass to play nicely with gpg, but the hassle was definitely worth it. An integrated pass and gpg setup allows for a single consistent means of authenticating and comes with the idle timeouts that you mention.

When I want to push to a git repo and authenticate with my private key, I just run git push normally, and a pin-entry prompt comes up, and I just need to enter my master password. Similarly, when I want to use a stored password for logging into a website, I just click the passff extension and enter my master password into the pinentry program. It would seem like something like spicypass would just bloat my system, requiring multiple programs for authenticating in different ways.

I can understand the drive for minimalism, but I can't see any reasonable metric by which pass could be seen as bloated - it provides a small set of features that are important for a password store and nothing more.

Often it just comes down to personal preference. A necessary feature to one person is bloat to another. Git integration for example is not something that meets my criteria for a necessary feature of a password store (think non-developers), although I can certainly understand why some people might love it.

Git integration was a major plus point for me. Undo is a basic desire everywhere, and revision control with Git gets you Undo. You get a bunch of other things from Git, but being able to Undo my inevitable mistakes is essential.

The benefit of Pass is it already has Chrome/Firefox plugins so all you need to do is press a keyboard shortcut and it automatically fills it in on the site.

Given SpicyPass doesn't have that, I think I'll still be with Pass, because it's free and simply amazing.

Third party browser extensions (and cloud syncing) are two things that, while convenient, create potential security holes. I opted for security over convenience with spicypass.

I absolutely understand why this might turn some people off, maybe even most people. But I know that there are people (like me) who want something that isn't connected to the cloud, and isn't going to inherit all of the security flaws of their browser.

Not having a browser extension is also a security risk, because copy/pasting is error prone and does not protect you from phishing, which is more of a risk than someone taking control of your computer and bruteforcing your vault IMO (of course your threat model might be different from most users, for example if you store passwords not for the web).

(Disclosure: I work for a commercial password manager that does offer browser extensions.)

I agree that there are risks either way, though like you said, the threat model is a bit different. SpicyPass isn't explicitly for web passwords. It's just a generalized key value store with added security. I use it to store my bitcoin keys for example, and that's probably not something you want to expose to the cloud and/or your browser.

With that said I don't rule anything out for the future.

There is also rofi-pass, which inserts data from pass into any X window.

Not to mention the amazing iOS app which syncs with GitHub and lets you add OTP codes by scanning QR codes.