--snip--
When should I not connect to a website?
Anything that doesn't have a public contract. The ones where you cannot see the "Read/Write" contract part on Etherscan.
Most scams happen not from the "Sign MetaMask" transaction with which you connect but from some links on the website itself that can install malware.
With the number of times people just blindly connect for airdrops, it's a big flood of scams waiting to happen when someone attacks the whole Ethereum community at the same time.
You have a Ledger, so no problems with exposing the private key, so that is definitely a win.