Threat models for storing passwords, TOTP and passkeys in a single password manager?
What are the possible threat models when it comes to saving all credentials (passwords, TOTP and passkeys) into a single .kdbx database? This is assuming that:
- The master password is very strong.
- The .kdbx file is never exposed to the internet (always kept offline).
- Only two devices have access to this database:
  - iPhone with KeePassium
  - Linux computer with KeePassXC.
I can only think of two models:
- The database AND master passwords are (somehow) exposed.
- One of my two devices (iPhone and Linux) is compromised with malware.
I’m not too worried about (1) as I always keep the database offline and share it between iPhone and Linux through a USB cable. However, (2) is where I’m wondering if keeping all credentials separate would even make a difference.
If my iPhone gets compromised, I doubt having TOTP and passwords in separate apps will mitigate anything as the malware can just get the info from both apps. So there is not much difference in keeping TOTP, passwords, and passkeys in a single database on my phone.
In the case of my Linux machine being compromised, the malware can just wait until I decrypt the database and log everything (then I’m screwed). However, even if I have TOTP or passkeys on a separate device (e.g., my phone), couldn’t the malware just wait until I log in to the sites and copy my password, TOTP code and passkeys when I have to enter them? Would it make any difference if I had MFA on a different device even?
I guess what I’m trying to ask is: Is threat model (2) even relevant when it comes to storing all credentials in a password manager? I feel like once one of my devices gets compromised (with remote or physical access) then it’s game over and there is no way for me to mitigate it, so I might as well keep all credentials in a single database. Also, what other threat models am I missing here?