if you entered your private key into a website, most likely that private key is stored in your browser cache. nuking it all would be all you would need to do. you'd most likely be safe then once you started using an extension.

that said, last December nostr had a bunch of cross site scripting attacks on a popular client at the time. those keys were considered burned and many people abandoned those keys for new ones.

i personally don't think you'd have that problem today with any of the popular clients though. i just wanted you to be aware of it.