malware – Can I check the content of a suspicious file directly on the server using an editor, e.g. vim?

In order for the opening of the file to pose a risk, the file would need to include an exploit for the specific text editor you use. Then when you open the file, the exploit would trigger.

While possible that’s not very likely. It certainly isn’t common.

The far more likely threat is that there is malicious PHP code in the file that triggers when the file is executed by a PHP server.

But all that aside, I’m not sure why you are questioning whether you have been infected when you are looking at files being served that you did create and there are links to malware. You’ve been infected. Start with that assumption…