For what I read (again, remember I'm far from an expert), Tor obfuscates your entry point to the network, but the exit node can still be used to track you. Adding a VPN is said to close the circle.
The exit node can't track you if you're connecting to an onion service. The exit node can only read the message if you're connecting to a .com, .org, .net etc. (clearnet) which can then be used to track you.
Not a particular one. I am just assuming that in the same way that a three-letter agency can set up and run their own Electrum servers, they might be able to set up and run their own TOR routers to examine the traffic that runs through them and take a closer look at those individuals that might be of interest to them.
But, they can't read the message if it's an onion service. Yeah, they may know you're using Tor and that you're also visiting a block explorer, but they can't know what you're viewing. This is only known by the one who runs the onion service. So, unless every Tor node is a honeypot AND the block explorer is ran by surveillance agencies, you're fine.