Look up the stuxnet story for an example of attacking air gapped machines via a USB rootkit. Spoilers: it was pulled by a state actor, took untold resources and still required physical access to the laptop of one of the engineers working on the target system.
I just wish I could pass the watch-only wallet from offline to online in the same way like a transaction (with QR, sound, webcam,etc).
You can extract WO wallet backups. You'll get 4 lines instead of 2. You can recreate the WO on your online machine in this way, without having to rely on a flash drive.