Run vaultwarden locally. Install bitwarden. Now you have software-only implementation of passkey. Dig into vaultwarden sqlite database and you'll find passkey data there. Extract and save it on disk and you have exportable passkey. See, it's all security theater without remote attestation.

I had an idea to create blatantly insecure passkey browser extension. Maybe I should do that.