DEV Community

Karol


Bypassing AI Web Sandbox with WebSockets & Retro Browsers

I built a setup using Tampermonkey userscripts (MCP_v6_FULL_UNBLOCK.js and Gemini MCP v0.6) that inject JavaScript into web interfaces for Claude, Gemini, and ChatGPT. They intercept commands like /[mcp] dir C:\ or /[mcp] Get-Process, forwarding them via WebSocket to a local Node.js server (server.js) listening on port 9999—sometimes exposed through ngrok for remote access.

The server implements a JSON-RPC protocol exposing system tools: shell/PowerShell execution (shell/exec), file read/write (filesystem/read, filesystem/write), and VSCode file opening (vscode/open). Results stream back through WebSocket to the userscript and into the AI chat interface. I also created an iframe retro-browser (Zeno Bro Web Core) — it has minimal sandbox restrictions, so the AI doesn't detect it's running in a browser environment and gets closer to native system access.

In one test, Claude blindly executed PowerShell commands on my machine for dozens of minutes until I told it what was happening—then it stopped and "couldn't do more." The whole system is still rough around the edges and needs polishing, but it shows there's room to push boundaries further. Screenshots show ngrok tunnels active, Zeno browser running, Gemini with MCP connected, and Tampermonkey scripts loaded.
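A bridge like the one described above takes commands from a web page and, once tunnelled, from the internet, so the server is where access has to be decided. The following is an added example, not code from the post's server.js: a gate that refuses non-loopback, forwarded or foreign-origin WebSocket upgrades and asks the operator before each sensitive call. The origin allowlist, the `confirm` callback, the request shapes, JSON-RPC 2.0 and the presence of forwarding headers on tunnelled requests are assumptions.

```javascript
// Added example: policy gate for a local JSON-RPC-over-WebSocket tool bridge.
// Method names come from the post; origins, shapes and helpers are assumptions.
const ALLOWED_ORIGINS = new Set(["https://claude.ai"]); // assumed allowlist
const LOOPBACK = new Set(["127.0.0.1", "::1", "::ffff:127.0.0.1"]);
const LOW_RISK = new Set(["vscode/open"]);
const NEEDS_CONFIRM = new Set(["shell/exec", "filesystem/read", "filesystem/write"]);

// Decide whether a WebSocket upgrade may proceed.
// conn = { remoteAddress, headers } as seen by the Node HTTP server.
function checkUpgrade(conn) {
  const h = conn.headers || {};
  if (!LOOPBACK.has(conn.remoteAddress)) return { ok: false, reason: "non-loopback peer" };
  // A tunnel agent connects from loopback, so also refuse forwarded requests.
  if (h["x-forwarded-for"] || h["x-forwarded-host"]) return { ok: false, reason: "proxied request" };
  if (!ALLOWED_ORIGINS.has(h["origin"])) return { ok: false, reason: "origin not allowed" };
  return { ok: true, reason: "" };
}

// Decide what to do with one JSON-RPC 2.0 request (version is assumed).
// confirm(method, params) is a hypothetical operator prompt shown outside
// the chat page, so the page cannot answer it for the operator.
function authorizeCall(raw, confirm) {
  let req;
  try { req = JSON.parse(raw); } catch (e) { return { allow: false, code: -32700 }; }
  if (!req || req.jsonrpc !== "2.0" || typeof req.method !== "string") {
    return { allow: false, code: -32600 };
  }
  if (LOW_RISK.has(req.method)) return { allow: true, code: 0 };
  if (NEEDS_CONFIRM.has(req.method)) {
    return confirm(req.method, req.params)
      ? { allow: true, code: 0 }
      : { allow: false, code: -32001 }; // server-defined: operator declined
  }
  return { allow: false, code: -32601 }; // not an exposed method
}

// Constructed sample inputs.
const local = { remoteAddress: "127.0.0.1", headers: { origin: "https://claude.ai" } };
const tunneled = { remoteAddress: "127.0.0.1",
  headers: { origin: "https://claude.ai", "x-forwarded-for": "203.0.113.7" } };
const execReq = JSON.stringify({ jsonrpc: "2.0", id: 1, method: "shell/exec",
  params: { command: "Get-Process" } });
console.log(checkUpgrade(local), checkUpgrade(tunneled));
console.log(authorizeCall(execReq, () => false));
```

The Origin header is only meaningful from browsers; a non-browser local process can set it to anything, so a per-session secret is still needed on top of this gate.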



