If you did not write and deploy it, and or no one you are aware of did so, or it was not part of some packaged you purchased, then the default security process is to fail close / disconnect it from the network / isolate the device / do not tamper it of you ruin forensics / not trusted / kill it, period. Send it to your risk management / security team from review, as a simple text file, or bring the to the system that has it.
If you don’t know what a script is doing, then don’t allow it to run.