As Taz already mentioned: Having a spare hardware device is your best choice.
To gather initial information about the USB stick, I can suggest using usblock: GitHub - cddmp/usblock: A python tool which uses the Linux kernel's USB authorization support to lockdown USB devices (interfaces). Aimed to protect against (some) USB related attack vectors like malicious HID attacks.
When usblock is running, and you insert any USB device, it will prevent the kernel from fully initializing the device, but will only list the device characteristics the device pretends to support. That way, even a rubber ducky or malduino can’t do any harm, as they would show up as “HID devices” in that listing. But since it isn’t allowed to initialize, it can’t start typing fancy keyboard commands.
Once you confirmed that there is no rogue HID device, you can start further investigating the device’s content, while still not connected to any real network. You can use INetSim and/or FakeDNS to simulate a working network, and then investigate the tool logs to see where it tried to connect to (or use Wireshark).
Should it indeed be (or contain) a HID device, you can use USBCap to record the keystrokes it tries to perform.
Finally, while still not connected to any network, you can start investigating the content on the drive. All that should be done on a freshly installed (and fully patched) system without any personal data (not even your WiFi password; use a corded connection to install updates, then remove the cable) that might somehow tie to you.